Java Technology Home Page
Downloads, APIs, Documentation
Java Developer Connection
Docs, Tutorials, Tech Articles, Training
Online Support
Community Discussion
News & Events from Everywhere
Products from Everywhere
How Java Technology is Used Worldwide

Help pagesA-Z Index

The Source for Java Technology

JavaTM Secure Socket Extension (JSSE) 1.0.2

JSSE has been integrated into the J2SDK!

JSSE has been integrated into the JavaTM 2 SDK, Standard Edition (J2SDK), v 1.4, which is currently a Beta release.



Overview

The JavaTM Secure Socket Extension (JSSE) 1.0.2 is a set of Java packages that enable secure Internet communications. It implements a Java version of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols and includes functionality for data encryption, server authentication, message integrity, and optional client authentication. Using JSSE, developers can provide for the secure passage of data between a client and a server running any application protocol (such as HTTP, Telnet, NNTP, and FTP) over TCP/IP.

This release of JSSE is a non-commercial reference implementation that demonstrates a working example of the JSSE APIs. A reference implementation is similar to a proof-of-concept implementation of an API specification. It is used to demonstrate that the specification is implementable and that various compatibility tests can be written against it.

A non-commercial implementation typically lacks the overall completeness of a commercial-grade product. While the implementation meets the API specification, it will be lacking things such as a fully-featured toolkit, sophisticated debugging tools, commercial-grade documentation and regular maintenance updates.

Changes in JSSE with version 1.0.2:

  • Recent modifications in the United States export regulations now allow Sun to include stronger cryptographic algorithms in the global version of JSSE. Note that while there are two downloads, a domestic (US/Canada) and a global version, they provide the same encryption strength. The domestic version supports alternate SSL security providers; the global version supports only the Sun SSL provider.
  • JSSE was modified to run on PersonalJavaTM 3.1.
  • JSSE 1.0.2 incorporated several bug fixes.
  • JSSE 1.0.2 incorporated documentation improvements, including a substantially expanded and clarified JSSE API User's Guide.

Why use JSSE?

JSSE enables developers to utilize secure, encrypted communication channels in their applications. By abstracting the complex underlying security algorithms and "handshaking" mechanisms, JSSE minimizes the risk of creating subtle but dangerous security vulnerabilities. Furthermore, it simplifies application development by serving as a building block which developers can integrate directly into their applications.

The JavaTM Secure Socket Extension (JSSE) 1.0.2 provides Secure Sockets Layer (SSL) v3 and Transport Layer Security (TLS) 1.0 support to the Java 2 Platform. SSL is a public-key-based network security protocol widely used to authenticate, privacy-protect, and ensure message integrity of transactions made over the Internet.

Important Features

  • Pure Java implementation
  • Exportable
  • Secure Sockets Layer (SSL) v3 support
  • Transport Layer Security (TLS) 1.0 support
  • Basic utilities for key and certificate management, including securely encrypted storage of private keys and Certificate Authority (CA) support
  • SSLSocket and SSLServerSocket classes, which can be instantiated to create secure channels
  • Cipher Suite negotiation, which performs SSL "handshaking" to initiate or verify secure communications
  • Client and server authentication, as a part of the normal SSL handshaking
  • HTTPS support: the ability to access data such as HTML pages using HTTPS
  • Server Session Management to manage the cache of sessions.
  • RSA cryptography algorithms -- the JSSE implementation includes code licensed from RSA Data Security.
  • Cryptographic suites, including:

    Domestic and Global
    Cryptographic Suite Key Length
    RSA public key (authentication and key agreement) 2048 bits (authentication), 2048 bits (key agreement)
    RC4 (bulk encryption) 128 bits
    DES (bulk encryption) 64 bits (56 effective)
    Triple DES (bulk encryption) 192 bits (112 effective)
    Diffie-Hellman public key (key agreement) 1024 bits
    DSA public key (authentication) 2048 bits

Business Considerations

Sun's release of JSSE 1.0.2 is a non-commercial reference implementation. However, the binary implementation may be used royalty-free as part of commercial applications. See the software license for more information.

The objective of this release is to provide an exportable version of JSSE with strong encryption, enable JSSE compatibility with PersonalJavaTM 3.1 and fix bugs.

Questions, Support, Reporting Bugs and Feedback

Questions

For miscellaneous questions about JSSE 1.0.2 usage and deployment, we encourage you to read the JSSE 1.0.2 Frequently Asked Questions (FAQ), the Java Security Q&A Archives and the Java Developer Connection forums. These discussion forums allow you to tap into the experience of other users, ask questions, or offer tips to others on a variety of Java related topics including JSSE 1.0.2. There is no fee to participate.

Although not supported by Sun, an alternative for technical expertise may be found at:

http://www.hotdispatch.com/sun

Support

For more extensive JSSE 1.0.2 questions or deployment issues, Sun currently offers several levels of developer support for the Java 2 platform (including the JSSE 1.0.2 Extension):
  • Per-Incident
  • Developer Access DirectSM
  • Developer Access PlusSM
For more information, please see:
http://www.sun.com/developer/support/
Please be aware that we may be barred from offering technical support specifically regarding encryption implementations of the JSSE APIs to people outside the U.S. or Canada, according to U.S. regulations.

Reporting Bugs

To report bugs or request a feature, please see:
 http://java.sun.com/cgi-bin/bugreport.cgi

Feedback

 Please send general comments about JSSE 1.0.2 to:
java-security@sun.com.
Though we value your input, before sending your feedback, please search the Java Security Q&A Archives and review our pages of Frequently Asked Questions (FAQ).

Please note that due to the volume of messages we receive, we may not be able to respond to every individual message.

For other comments/suggestions concerning the web sites, please use the feedback form.

Requirements

JSSE 1.0.2 requires that you have JavaTM 2 SDK v 1.2.1 or later or JavaTM 2 Runtime Environment v 1.2.1 or later already installed.

More Info

Downloads

JSSE is packaged so that you can download the class libraries (binaries for domestic or export versions) and documentation, documentation only, or sample source code. The documentation consists of the API User's Guide and the API Specification. The JSSE 1.0.2 API Specification is also available for viewing online.

Note: If your browser renames the zip files when you download them, you may simply unzip them the way they are or you may rename them to their original names and then unzip them.

THE DOMESTIC VERSION OF THE SOFTWARE IS RESTRICTED TO THE UNITED STATES AND CANADA. If you do not reside in the United States or Canada, you will not be able to download the domestic version.

JSSE 1.0.2 software and documentation

JSSE 1.0.2 documentation only

JSSE 1.0.2 sample source code

Please contact csr-customer-service@Sun.COM for download problems.
 

Most Recent Release

JSSE has been integrated into the JavaTM 2 SDK, Standard Edition (J2SDK), v 1.4, which is currently a Beta release.


HOME | CHANGES | README | LICENSE | COPYRIGHT
INSTALL | FAQ | KNOWN BUGS | SUBMIT BUGS



[ This page was updated: 24-May-01 ]

Products & APIs | Developer Connection | Docs & Training | Support
Community Discussion | Industry News | Solutions Marketplace | Case Studies
Glossary - Help Pages

For answers to common questions and further contact
information please see the java.sun.com Help Pages.
Sun Microsystems, Inc.
Copyright © 1995-2001 Sun Microsystems, Inc.
All Rights Reserved. Terms of Use. Privacy Policy.